Maybe hosting services in France is not a good idea afterall...
Being a node isn't an issue. The traffic is encrypted, the destinations are unknown to the nodes themselves, and the traffic does not leave the overlay network (I2P). In TOR, you also have something similar, but the traffic can exit the overlay network but to do so, your node must be an exit node. I2P nodes are internal by default and it's not that easy to make it an exit node.
You are very safe being a node in I2P.
If there are no logs, there is nothing to give up. There is no law that they have to keep logs as far as I know.
You have to trust that the VPN provider doesn't store logs. I2P is pretty much trustless besides where the binary comes from, but you can even compile it yourself.
Hey :) Hope you're doing well!
That is actually a good question. Probably the consumer protection agency would be a place to report it. There must also be non-profit watchdogs, but I can't think of any besides NOYB (none of your business) who are all about privacy.
Indeed. I'm not sure what the format is and whether a man in the middle or fake service could be run on the device, which pretends to be google's attestation service and just responds with a "yep, this device is fine" in the correct format. It may be easier than rewriting an entire app and be applicable to other apps as well.
Can someone start a Signal group? That's encrypted and safe for sure. You can use usernames and have public groups.
I think it's more a monopoly attempt. I wonder how the EU will react if someone takes this to court.
Forcing one app store fits the bill of monopolistic action.
It's not the store that's the problem. The integrity API is a web API. First the app collects data about your phone locally and then it sends it to google asking "is this phone 'safe'?". Google then responds with how safe it believes the phone to be and the app itself makes a decision. The alternative app store is completely out of the loop.
It's maybe difficult to maintain privacy. The destination needs to be known and has to somehow notify other nodes that it's waiting for messages. I don't know if that can lead to traffic profiling to along the path (if enough nodes are owned) to deanonimise.
The sender can probably sealed like signal does though.
Maybe present what it's for and why you think it should be used? To me, you just proposed a random tool and just shared a link. Sorry dude, I ain't reading all that.
Anti Commercial-AI license